Google recently released the March security patch for Android, which addressed a “High” severity vulnerability in the Pixel’s Markup screenshot tool. However, reverse engineers Simon Aarons and David Buchanan discovered a security flaw, known as CVE-2023-21036, that still puts Pixel users at risk of having their older images compromised due to Google’s oversight.
The flaw, dubbed “aCropalypse,” allows someone to take a PNG screenshot cropped in Markup and undo some of the edits in the image. This capability could be abused by bad actors to reveal sensitive information that was redacted by a Pixel owner using Markup. Buchanan’s blog provides technical details on the vulnerability.